Electronics, Music and Technology

Atlantic Canada is very fortunate to have access to Bell Aliant FibreOP Internet. It is a legitimate Fibre-to-the-Home (FTTH) service, in the same price range as cable and DSL offerings. Speeds start at 50/30 (download/upload in Mbps) for $70/month without any promotions.

As great as the Internet itself is, the wireless router they include is the bottleneck. It is an Actiontec R1000H. Our biggest headaches with it were low WiFi throughput and frequent WiFi drops, but the interface was also a little lacking in advanced features.

The logical solution is to use another router. Unfortunately, Bell has configured the service in a way that simply swapping in a new router will not work at all!

Through some research and my own trial and error, I was able to install pfSense to a spare computer, and take control of my Internet.

Disclaimer: Do not follow these steps if you have Bell’s IPTV service, as it will no longer work. There are other sites that describe how to keep those services working, but mine does not. As well, though there should be no impact, I advise against doing this if you have FibreOP Home Phone and rely on it for emergency communications.

This is not an easy task. It requires a very good understanding of computer networking, basic understanding of Linux networking terminology, and availability of network equipment (switches, wireless access points, cables, NICs). Chances are you found this page because you meet some of that description. Just know that if it isn’t working out, you can plug in the Actiontec and pretend it never happened.

First – LMGTFY

Step 1 is to always look online. It is very likely someone else has posted their experiences. Sure enough, I found some forum threads that helped point me in the right direction. In the end, the one that was the most help was post #73 in this one. However, if you don’t have a spare computer, here is a cheap but very effective alternative.

The key to getting it to work was to know that Bell sends all WAN traffic out of the fibre modem on a different VLAN. Specifically, VLAN 35. Knowing this, it becomes clear that no off-the-shelf consumer router is going to do the job out of the box.

You need a router that supports VLAN tagging, and the ability to treat a VLAN as the WAN connection.
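What tagging the WAN as VLAN 35 means on the wire, as an added example that is not from the original post: it builds and parses 802.1Q-tagged Ethernet frames and lists why a frame captured on the WAN port would not match this setup. The MAC address is a constructed placeholder and the function names are illustrative.

```python
import struct

TPID_8021Q = 0x8100               # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
WAN_VLAN = 35                     # VLAN the article says carries Internet traffic
CLONED_MAC = "02:00:00:00:00:01"  # constructed placeholder, not a real device

def mac_bytes(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw

def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan_id is given."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = (pcp << 13) | vlan_id   # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame: bytes) -> dict:
    """Return source MAC, VLAN ID (None if untagged) and the inner EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan_id = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id = tci & 0x0FFF        # low 12 bits of the TCI are the VLAN ID
    return {"src": src, "vlan": vlan_id, "ethertype": ethertype}

def wan_check(frame: bytes, expected_mac=None, expected_vlan=WAN_VLAN) -> list:
    """List the reasons a frame does not match the WAN setup described above."""
    info, problems = parse_frame(frame), []
    if info["vlan"] is None:
        problems.append("untagged")
    elif info["vlan"] != expected_vlan:
        problems.append(f"wrong VLAN {info['vlan']}")
    if expected_mac and info["src"] != mac_bytes(expected_mac).hex(":"):
        problems.append("source MAC differs from cloned MAC")
    return problems
```

Run `wan_check` over raw frames from a packet capture on the WAN NIC; an empty list means the frame carries tag 35 (and, if a MAC is supplied, the cloned source address).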

I am a big fan of DD-WRT, and tried to accomplish the above using my DIR-615 with DD-WRT. Unfortunately, I could not get it to work with the options available in the web UI.

Instead of spending too much effort to get it to work on embedded hardware, I went the easy route: set up a pfSense Linux Router.

Creating a pfSense Router

pfSense is a distribution based on FreeBSD that allows you to easily create and manage a very powerful router, firewall, and other services device. It has an excellent UI with many, many features, and will let you dig into advanced features if you want to.

pfSense Step 1: Install

Boot your computer from the pfSense ISO, and run through the installation process.

The simple install, with minimal questions, should be fine for most users, and saves a lot of questions you might not have answers for.

It may ask you which interface to assign as WAN, LAN, and Optional (you should skip this last one). Feel free to assign the roles to your 2 NICs as you see fit, but write it down!

This assumes both of your network cards are a minimum 100 Mbps. There is no point using slower 10 Mbit cards, as the Internet connection is 5 times that.

pfSense Step 2: Configure

Once pfSense boots up on its own, connect another computer to the port you designated as the LAN port, and in your web browser go to http://192.168.1.1. You are now connected to the management interface.

Navigate to the Interfaces -> WAN menu. In here, you will need to enter the WAN MAC address of your Actiontec router. Bell uses this to ensure that it is their router you are using. The MAC address is written on a sticker on your router, and can also be found on the router’s management page.

Be sure to enter the entire MAC address, and click save.

Now move to the Interfaces -> (assign) menu. Select the VLANs tab, and click the icon to create a new VLAN. It should look something like this:

We are creating a VLAN, tagged 35, which will allow us to communicate with the fibre modem provided by Bell. Again, click save, and head back to Interfaces -> (assign). Now, in the WAN drop-down menu, select VLAN 35 on ABx, which you just created. Click save again. You have just instructed pfSense to treat VLAN 35 as the WAN connection, or the source of Internet traffic.

This concludes the pfSense configuration. There are only a few small steps before inserting the pfSense router into your network for good.

Ending the Actiontec

One recommendation I read, before just unplugging the Actiontec, is to release the DHCP lease it has from the modem. To do this, from a computer connected to the Actiontec, visit http://192.168.2.1. Log in with your admin credentials, and Release the DHCP WAN lease. I don’t have a screenshot for this, but it shouldn’t be too difficult to find.

I didn’t do this, but I did encounter some issues at first getting my setup to work. Hopefully, this will make it go smoothly for you.

Once you Release the IP address, you can unplug the Actiontec.

Introducing the pfSense Router

Connect the cable entering the WAN port of the Actiontec to the network card you assigned as the WAN of the pfSense router. This is the cable coming from the Fibre modem installed by Bell.

With a computer still connected to the LAN port of the pfSense router, try to visit a webpage. Assuming everything is plugged in and powered on correctly, you should be presented the page you asked for.

At this point, you can add a switch for other computers, or a wireless access point. In my case, I have a switch connecting to three switches, where two are wireless.

Optionally, you may want a UPS for this, because even though the Bell modem will stay powered during a power outage, the pfSense computer will not.

Measured Improvement

Using my DIR-615 routers with DD-WRT as access points, WiFi performance also jumped, with downloads up to 35 Mbps, vs. the 8 Mbps with the Actiontec.

Troubleshooting

Troubleshooting is a bit beyond the scope of this document, namely because there are so many things that could go wrong. The best troubleshooting is to make sure the steps are followed, that your set-up makes sense, and that if something seems wrong, investigate.

For me, I noticed that when the pfSense router is unplugged from the modem, or rebooted, I lose Internet. To fix it, I have to toggle the WAN assignment to another connection, then back to the VLAN. Not sure why, but with my UPS I hope it won’t be a task I do frequently.

Good Luck!

This project was 100% worthwhile. As I host a lot of services for myself over the network (HTTP, RDP, VoIP, FTP), it is important to be able to have full control over my NAT and Firewall settings. As well, being able to monitor throughput and advanced logs allows me to keep learning and improving my network.

If you are ready to ditch the Actiontec router, and are keen to see routers in a different way, this project will throw you in head first.

19 Comments to Making Bell FibreOP Work With a pfSense Router

Hey, I really like this guide. I don’t think it includes the workings for the dual IP routing setup and the vlan for the TV portion though. I know some people have been able to get that working too. I’m going to throw pfsense on to my ONT and try and post it (I know it’s vlan 34 and I know that vlan 33 is used for some other control stuff but not “required” unless you need some remote management stuff.)

I didn’t cover the TV portion of the set-up because, well, we don’t have that service! Some of the links I included have very good instructions for getting it to work, essentially just passing VLAN 34 straight to the ONT.

pfSense is great, it has the right balance of usability and advanced features. I plan on improving my server by using a low-power Intel Atom machine, and Gigabit Ethernet.

Haha, awesome! pfSense is so powerful, it really gives you control over your network. Power consumption was my biggest concern, and is why I went with a small DD-WRT router. I was using an older AMD Athlon 64 machine, and performance was fine, but I had some issues with it. DHCP would seem to stop giving out IPs after a couple weeks, or WAN would drop out. I blame the NIC cards I used, just because of how old they are (old 3com 3c905 and integrated enforce Ethernet).

Good luck with your setup, hopefully you are able to rack up some serious uptime with it!

I really want to do this. I followed all of your steps to the letter and I keep getting IP address 0.0.0.0 on the WAN.

I did notice that the ONT was flashing red/yellow like it normally does with the Actiontec router. I noticed that when I have any commercial router plugged in it always flashes green so I assume red/yellow is a good thing.

I live in Halifax so I am not sure if there are different settings for different regions of the Atlantic Provinces. I also have the IPTV setup as well and don’t know if there are different settings for that.

Can you give me a hand getting it to work? Hit me up with an email or comment so I can try to get it working.

My ONT did the same red/yellow flash with the Actiontec. With pfSense (and now DD-WRT), it only flashes green, just like you observed. My understanding is that FibreOP is configured the same across all Atlantic provinces.

If you have IPTV, I’ve already offered a number of my own thoughts on making that work in comments throughout my site (see my FibreOP/DD-WRT article for some of those). I don’t have that service, and really can’t confirm how to do it. Designing a LAN in my head has limitations 😉 All IPTV does is add VLAN 34.

For starters, make sure you’ve got your WAN and LAN interfaces straight; mixing those up will definitely cause a WAN IP of 0.0.0.0. Don’t forget to clone your MAC address properly on the WAN interface. Finally, I would do a power cycle of the equipment. Turn it all off, then power the ONT, and once it is booted, the pfSense box.

Worst case, you could always try swapping WAN/LAN interface cards, to see if there is an issue with VLAN tagging. Some older cards don’t support it.

pfSense seems to have a problem cloning the MAC for the WAN port when you assign a vlan to the WAN port. That’s why you are losing your internet on reboot. Solution is don’t clone the MAC, and everything will work after reboot. Tested on Bell Fibe.

I fought with setting up pfsense for a while and couldn’t get an IP address from Bell. Finally stumbled on what was wrong. When you configure the WAN settings, pfsense console says to set the Speed/duplex settings to Automatic — don’t do this. Leave it at “default” and you will get an IP add. from Bell.

I don’t know why, but my WAN NIC is 10/100/1000 and default chooses 100mbs duplex, while automatic chooses 1000 mbs duplex. The ONT must be forced to 100 duplex… this sucks because I was getting 129 mbs on speed test, now I’m down to 88.

When I originally set this up (3 years ago!) my NIC was only 100 mbps, so I did not encounter this issue. However, I am now using a Ubiquiti EdgeRouter which is gigabit, and I have full gigabit speeds from the ONT. No 100 meg slowdown. Perhaps it is specific to your NIC?

As for MAC spoofing, you are correct. This no longer seems to be required.

The setup is still exactly the same and aside from power outages this setup has NEVER failed me.

I don’t run IPTV as I won’t pay for the service although it’s possible. I run my own media server out of my network, stress testing at full 100Mbps down and 50 Mbps at the same time on dual gigabit NICs, only using about 75% CPU.

Thanks Dan for setting me on the right direction years ago, that old R1000H is still on a shelf collecting dust.
You should have seen the Bell tech’s face when he had to come and change the backup battery and noticed the ONT wasn’t hooked up to the unplugged dusty Actiontec.
I tried explaining it to him and he just giggled and said he wasn’t going to create waves if it worked fine. Haha

Hey Chris, I certainly remember you. I’m very happy to hear that the R1000H is wasting away – shame they won’t waive the included rental fee if you give it back (we tried!)

Over time my network has gone through a few evolutions – from pfSense, to DD-WRT, and finally I’m using the Ubiquiti EdgeMax router. It was high time I went gigabit! That thing has been a dream to use, and it’s only marginally more complex than pfSense to configure.

Internet freedom has no price, and to everyone else who has been able to free themselves of a terrible router, well done!

I found this site AGAIN for reference use, I’m still using the same old hardware Intel ATOM PC. But now I’m planning on adding my PIA VPN service to pfsense, but not only that, I’m planning on using multiple paths as my account allows up to 5 “devices”.

So 2 Open VPN streams are going to be load balanced for my torrent setup and 2 more are going on another load balanced for the remainder of my network devices/wifi etc and another single stream for my Media Server because I need port forwarding.

Should be plenty fast and very secure. I just hope I have a strong enough CPU.